ISSUE-176 (ACTION-301): Requirements on intermediaries/isps and header insertion that might affect tracking

On 4-10-2012 12:02, Tracking Protection Working Group Issue Tracker wrote:
> ACTION-301: Eijk to draft explanation on intermediaries and inserted headers (Tracking Protection Working Group)
Non normatieve tekst:
The issue applies to HTTP headers that flow between the endpoints of an 
user agent and a server. The usecase is that an ISP's injects the HTTP 
header with an unique subscriber ID,  for example 
X-SUBSCRIBER_ID=<unique_subscriber_number>. The subscriber_number is 
(often) the same unique number across sites, time and (mobile) devices 
if the same subscriber's connection to the internet is used .

A possible way forward is: treat the intermediary/isp like a proxy, and 
add normative text i.e restrict/forbid the injection of an unique 
subscriber identifiers in the HTTP header when the HTTP header contains 
a DNT:1 signal. This is an analogy of proxies that must not change the 
value of a valid DNT signal.

  Other ways forward:
- treat intermediary/isp as third party; or
- prevent data append.

Received on Thursday, 4 October 2012 21:12:32 UTC